Method and device for authenticating a mobile station on an alternative communications network

ABSTRACT

A method of authenticating a mobile station on an alternate communications network is disclosed, the mobile station being associated with a default communications network. The mobile station comprises a baseband processor to manage the antenna-related functions and a SIM card to accommodate a default SIM associated with the default communications network for receiving network credentials from the baseband processor. The method comprises providing a SIM card device to intercept communications between the baseband processor and the SIM card, monitoring the network credentials in respect of the network that the mobile station is actively in communication with, determining whether the mobile station needs to switch to an alternate network, and identifying or receiving from a user the alternate network, consulting a SIM bank, comprising at least one alternate SIM, and selecting an alternate SIM having a mobile station identification variable compatible with the alternate network, receiving a network authentication request on the mobile station from the alternate network, and allocating the selected mobile station identification variable to the mobile station so as to identify the user of the mobile station on the alternate network.

FIELD OF THE INVENTION

This invention relates to a system and method for authenticating awireless device (also referred to as a mobile station (MS)) on analternate communications network that has been selected to provide auser of the wireless with better calling and/or data rates. In anembodiment, this invention extends to a SIM card device/accessory forfacilitating this authentication.

BACKGROUND TO THE INVENTION

A subscriber identification module (SIM) is an integrated circuit,typically embedded into a SIM card, which securely storesnetwork-specific information used to authenticate and identifysubscribers on the network, the network typically corresponding to amobile/cellular telephone network. The most important information storedon the SIM includes the International Mobile Subscriber Identity (IMSI),which is used to identify a SIM card with respect to its individualoperator network, the SIM's unique international circuit card identifier(ICCID) and an authentication key (Ki) used to identify and authenticatesubscribers on mobile stations (such as cellular/mobile telephones andcomputers, although the phrase “mobile station” will generally be usedin the specification to refer to such devices).

The IMSI number in turn typically comprises one or more of thefollowing:

-   -   a mobile country code (MCC), in terms of which use of the mobile        station will be limited to one country;    -   a mobile network code (MNC), in terms of which use of the mobile        station will be limited to a pre-determined network, such as        Orange or Vodafone, for example; and    -   a mobile station identification number (MSIN) in terms of which        use of the mobile station will be limited to one SIM card.

The IMSI is also used to acquire other details of the mobile station ina Home Location Register (HLR) or as locally copied in a VisitorLocation Register (VLR). The HLR is a central database that containsdetails of each mobile station subscriber that is authorized to use theGSM core network. The VLR is a database of the subscribers who haveroamed into the jurisdiction of the MSC (Mobile Switching Center) whichit serves. Each base station in the network is served by exactly oneVLR, hence a subscriber cannot be present in more than one VLR at atime. The data stored in the VLR has either been received from the HLR,or collected from the mobile station. Whenever a new mobile station isdetected on its network, the operator not only creates a new record inits VLR, but it also updates the HLR of the mobile subscriber, apprisingit of the new location of that mobile station.

The K_(i) authentication key is a 128-bit value used in authenticatingthe SIMs on a mobile network. Each SIM holds a unique K_(i) assigned toit by the operator during a personalization process. The K_(i) is alsostored in a database on the carrier's network.

The SIM card provides a software function that allows the mobile stationto pass data to the SIM card to be signed with the K_(i). This, bydesign, makes usage of the SIM card mandatory unless the K_(i) can beextracted from the SIM card.

Turning now to FIG. 1, the typical authentication process, to enable amobile station (MS) 1 to connect to a network 5, will be described.However, before doing so, at a high level and in respect of one aspectof the mobile station 1, the mobile station 1 comprises a basebandprocessor 2 to manage the antenna-related functions of the mobilestation 1 and a SIM card 3, with the baseband processor 2 communicatingwith the network 5. The SIM card 3 in turn comprises a baseband onlycomponent 3.1 that can communicate with the network 5 via the basebandprocessor 2. The SIM card 3 further comprises a memory component 3.2.The mobile station 1 further comprises an application layer 4 to runsoftware required to operate the mobile station 1.

With this in mind, the authentication process comprises the followingsteps:

-   -   1. When the mobile station 1 starts up, the application layer 4        request a connection from the baseband processor 2.    -   2. The baseband processor 2 then requests the mobile station's        International Mobile Equipment Identity (IMEI) number, which        uniquely identifies the mobile station 1, from the SIM card 3,        as well as the IMSI, which then gets sent as part of a        connection/authentication request to the network 5. The mobile        station may have to pass a PIN to the SIM card 3 before the SIM        card 3 will reveal this information.    -   3. The operator network searches its database for the incoming        IMSI and its associated K_(i).    -   4. The operator network then generates a Random Number (RAND)        based on the predefined K_(i), and from this it generates an        authentication vector 1 (AV1).    -   5. The operator network then sends the RAND to the mobile        station 1. The mobile station 1 then uses its predefined K_(i)        (which should match the K_(i) used by the network operator) and        the RAND to generate an authentication vector 2 (AV2). The        mobile station 1 then passes the AV2 back to the network        operator.    -   6. The operator network then compares AV1 and AV2, and if there        is a match, mobile station 1 is granted access to the operator's        network 5.

As briefly touched on above, in order to extend the connectivity serviceof a mobile station to a location that is different from the homelocation where the service was registered, the mobile station needs toundergo a roaming process. In terms of a conventional roaming process,when the mobile station is turned on or is transferred via a handover toa new network, this new “visited” network sees the mobile station,notices that it is not registered with its own system, and attempts toidentify its home network. The visited network then contacts the homenetwork and requests service information (including whether or not themobile station should be allowed to roam) about the roaming mobilestation using the IMSI number.

If successful, the visited network begins to maintain a temporarysubscriber record for the mobile station. Likewise, the home networkupdates its information to indicate that the mobile station is on thehost network so that any information sent to that mobile station can becorrectly routed.

In terms of the above, it will be appreciated that the annual revenue ofthe cellular industry worldwide, with regard to the provision of roamingservice, is estimated at well over 12 billion dollars. In this regard,income generated through roaming charges is incurred by end users makingor receiving calls, data or text messages outside of their home network.In some countries networks allow users to roam anywhere in the countryand not incur any surcharges for using their mobile stations. In othercountries, like Canada, simply leaving the metropolitan area that youreside in can result in roaming charges being incurred. However, inalmost all cases leaving the country you reside in will result inexcessive roaming charges being incurred.

Turning now to the issue of interconnect charges (i.e. fees billed to agiven network to terminate a call on another network), these generallyrepresent a major barrier to entry for new market participants. Newlyestablished networks face high interconnect charges as a result ofhaving a relatively small market share when compared to incumbentnetworks. Outgoing calls from the new network's consumers are more thanlikely to be terminated on a competitor's network. Many of thesenetworks must offer free incoming calls in order to attract consumers,as free incoming calls have been the de facto standard for many years.Thus, revenue is only earned when subscribers make outgoing calls. Thenew networks are thus under pressure, since to attract new customersthese new customers must invariably switch from an incumbent networkthat is already offering relatively low outgoing rates (and which theincumbent network would naturally try to protect since this representstheir only source of revenue).

Most networks also offer a lower rate for intra-network calls (asopposed to inter-network calls, as described in the previous paragraph)i.e. calls between subscribers on the same network, since these calls donot necessitate the need to pay interconnect fees. To take advantage ofthis (and thus, to a certain extent, to reduce the paying ofinterconnect fees), consumers carry multiple SIM cards so that peoplewishing to contact them always do so without having to makeinter-network calls.

All of the above makes it exceedingly difficult to switch to a newprovider or network and hence for new providers and networks to attractnew customers. In addition, customers who have a prepaid plan with a newnetwork still retain the SIM cards of the incumbent network. In view ofcost fluctuations in the price of minutes, the availability of minutesat a given retailer or other factors, consumers are less likely toconsistently purchase new minutes on the new network. In addition, userscannot simply forward their calls to the new network's SIM/numberwithout incurring a call forwarding cost.

Of further relevance to the context of the present invention, areso-called mobile virtual network operators. A mobile virtual networkoperator (MVNO) is a wireless communications services provider that doesnot own the radio spectrum or wireless network infrastructure over whichthe MVNO provides services to its customers. An MVNO enters into abusiness agreement with a mobile network operator to obtain bulk accessto network services at wholesale rates, and then sets retail pricesindependently. An MVNO may use its own customer service and billingsupport systems and its own customer service, marketing and salespersonnel. The MVNO business model is one in which no significantcapital expenditure on spectrum and infrastructure is incurred. Inaddition, MVNOs do not have the time-consuming task of building outextensive radio infrastructure. The relevance of MVNOs to the presentinvention will become clearer further on in the specification.

MVNOs may be classified as either a reseller MVNO or a FullInfrastructure MVNO, with the former simply being a branding entity withneither its own mobile license or its own mobile infrastructure, whilstthe latter does indeed have its own mobile license and/or mobileinfrastructure. In both cases, the MVNO has the direct customerrelationship with the end user. The MVNO is able to handle NetworkRouting themselves and will typically have entered into roaming dealswith foreign MNOs. The MVNO is often able to produce and distribute forexample voice minutes and data traffic, typically by tagging onto theirexisting fixed line operation, and the MVNO will typically be able tohandle producing SMS and MMS messages. A typical MVNO will be able tohandle customer service, customer billing and collection of consumptiondata and handset management. Furthermore the MVNO will usually handlemarketing and sales to end-users themselves.

OBJECT OF THE INVENTION

An object of the invention is to provide a system, method and SIM carddevice for authenticating a mobile station on an optimum communicationsnetwork, in order to overcome high roaming charges. Current roamingsolutions require the user to swap out their SIM card or carry anadditional mobile device, which is impractical and inconvenient. Inaddition, it is difficult to manage multiple SIM cards as they expire orget lost. In addition, there is a problem in respect of incoming calls,which existing roaming solutions do not adequately address. Finally,data has become more important than voice, with current internationalSIM cards are voice focused and do not offer competitive data rates,which is a further shortcoming of existing solutions that the presentinvention aims to address.

SUMMARY OF THE INVENTION

In broad terms, and at a high level, the present invention relates to avirtual SIM (VSIM) card for a mobile station/device, which is not atraditional SIM card, but is able to change its identity dynamically. Inuse, the VSIM card is coupled to a SIM bank, which may take the form ofa another mobile station or device, a physical server or a second/thirdSIM card slot on a mobile device, from which the VSIM is able to obtainits identity credentials. This technology comes in a variety ofembodiments, including a VPP-punched VSIM, a VSIM with an externalcommunication module, and a “user shared” SIM structure.

According to a first aspect of the invention, there is provided a methodof authenticating a mobile station on an alternate (or optimum)communications network, the use of the mobile station being associatedwith a default (or home) communications network, the mobile stationcomprising a baseband processor to manage the antenna-related functionsof the mobile station and a SIM card to accommodate a default (or home)SIM associated with the default communications network for receivingnetwork credentials from the baseband processor, the method comprising:

-   -   providing a SIM card device to intercept communications between        the baseband processor and the SIM card;    -   monitoring the network credentials in respect of the network        that the mobile station is actively in communication with;    -   determining whether the mobile station needs to switch to an        alternate network, and identifying or receiving from a user the        alternate network;    -   consulting a SIM bank, comprising at least one alternate (or        optimum) SIM, and selecting an alternate SIM having a mobile        station identification variable compatible with the alternate        network;    -   receiving a network authentication request on the mobile station        from the alternate network; and    -   in response to the mobile station being authenticated on the        alternate network, allocating the selected mobile station        identification variable to the mobile station so as to identify        the user of the mobile station on the alternate network.

In an embodiment, once authenticated on the alternate network, themethod further comprises:

-   -   receiving network credentials for the default network;    -   logging onto the default network to receive incoming calls        and/or data intended for the default SIM; and    -   forwarding the received incoming calls and/or data to the        alternate SIM via the alternate network.

In an embodiment, the step of determining whether the mobile stationneeds to switch to an alternate network comprises either receiving arequest from the user to switch to the alternate network or determiningthat the mobile station is deemed to be roaming.

In an embodiment, the step of receiving a network authentication requeston the mobile station from the alternate network includes the steps of:

-   -   the SIM bank relaying the device identification variable to the        SIM card device/module;    -   the alternate network issuing a device authentication request to        the mobile station in the form of a random number;    -   relaying the random number to the SIM bank;    -   running the random number against an integer stored in the SIM        bank to produce a decryption variable;    -   transmitting the decryption variable to the SIM card        device/module and to the alternate network;    -   the alternate network then comparing the received decryption        variable with an internally stored decryption variable to        determine whether there is a match,    -   in response to the received decryption variable matching with        said internally stored decryption variable, authenticating the        mobile station on the alternate network.

In one embodiment, the SIM bank is an external SIM bank on a SIM server.

In an embodiment that makes use of an external SIM bank, the SIM carddevice/module comprises:

-   -   a pseudo-SIM card that can be fitted to a conventional SIM card        receiver within the mobile station;    -   a SIM receiver to accommodate the default SIM;    -   a first communications module and associated antenna to enable        the SIM card device/module to communicate with the SIM bank; and    -   a processor to monitor the network credentials and determine        whether the mobile station needs to switch to the alternate        network.

In an alternate embodiment, the SIM bank is integrated into the mobilestation, with the SIM card device/module comprises:

-   -   a body having an alternate SIM embedded therein, the alternate        SIM being associated with the alternate network;    -   a SIM receiver for receiving or accommodating the default SIM        associated with the default network, the default SIM comprising        network credentials;    -   circuitry to connect the alternate and default SIMs to each        other (either physically or wirelessly) and to the rest of the        mobile station; and    -   a second communications module to extract the network        credentials from the default SIM and to transmit the credentials        to a remote gateway.

In an embodiment, the SIM receiver is integral or separate (yetconnected, with the circuitry) from the body.

In an embodiment, the SIM receiver is arranged to receive or accommodateat least one further default SIM associated with further defaultnetworks and with each further default SIM also comprising networkcredentials for the further default networks, with the secondcommunications module being arranged to extract the network credentialsfrom the further default and to transmit these credentials to the remotegateway.

In all embodiments, the network credentials include, but are not belimited to, IMSI numbers, (bearing in mind that that mobile networkoperators connect mobile telephone calls and communicate with theirmarket SIM cards using their IMSIs), K_(i) or other authenticationcredentials and serial information in respect of the second SIM.

In an embodiment, the method further comprises detecting when a networkorientated message (including but now limited to, an SMS message or aUSSD message) has arrived on the user's default SIM, reading the networkorientated message, storing the message in a database, and then sendingthe message to the user's alternate SIM at a designated “messagesending” time.

In an embodiment, the SIM card device is located between the basebandprocessor and the SIM card for intercepting communications between thebaseband processor and the SIM card so as to authenticate the mobiledevice on the alternate communications network.

In an embodiment, the SIM card device comprises an overlay that can besecured to the SIM card, the overlay comprising:

-   -   a communications processor, in which firmware is embedded;    -   a substrate upon which the communications processor is mounted        and wires are routed; and    -   pads that allow for the communications processor to send/receive        information to/from the mobile station.

In an embodiment, the method comprises the step of updating the firmwareon the communications processor, the communications processor comprisinga plurality of memory blocks, each memory block governing an instructionor function associated with the overlay, the method comprising:

-   -   receiving an update message from a remote communications module,        the update message comprising the address of the memory block in        the communications processor to be updated and a matching list        of replacement data that is to replace the existing data in the        respective memory block;    -   stalling the baseband processor by requesting more processing        time;    -   instructing the communications processor to erase the data at        the address in the memory block that is to be updated;    -   instructing the communications processor to write the        replacement data into the address of the memory block; and    -   once the replacement data has been written into the relevant        memory block, instructing the baseband processor to return to        normal operating state.

According to a second aspect of the invention, there is provided a SIMcard device for authenticating a mobile station on an alternate (oroptimum) communications network, the use of the mobile station beingassociated with a default (or home) communications network, the mobilestation comprising a baseband processor to manage the antenna-relatedfunctions of the mobile station and a SIM card to accommodate a default(or home) SIM associated with the default communications network forreceiving network credentials from the baseband processor, the SIM carddevice comprising a processor to:

-   -   monitor the network credentials in respect of the network that        the mobile station is actively in communication with;    -   determine whether the mobile station needs to switch to an        alternate network, and identifying or receiving from a user the        alternate network;    -   consult a SIM bank, comprising at least one alternate (or        optimum) SIM, and selecting an alternate SIM having a mobile        station identification variable compatible with the alternate        network;    -   receive a network authentication request on the mobile station        from the alternate network; and    -   in response to the mobile station being authenticated on the        alternate network, allocate the selected mobile station        identification variable to the mobile station so as to identify        the user of the mobile station on the alternate network.

In an embodiment, once authenticated on the alternate network, theprocessor is arranged to:

-   -   receive network credentials for the default network;    -   log onto the default network to receive incoming calls and/or        data intended for the default SIM; and    -   forward the received incoming calls and/or data to the alternate        SIM via the alternate network.

In one embodiment, the SIM bank is an external SIM bank on a SIM server.

In an embodiment that makes use of an external SIM bank, the SIM carddevice comprises:

-   -   a pseudo-SIM card that can be fitted to a conventional SIM card        receiver within the mobile station;    -   a SIM receiver to accommodate the default SIM;    -   a first communications module and associated antenna to enable        the SIM card device/module to communicate with the SIM bank; and    -   a processor to monitor the network credentials and determine        whether the mobile station needs to switch to the alternate        network.

In an alternate embodiment, the SIM bank is integrated into the mobilestation, with the SIM card device comprising:

-   -   a body having an alternate SIM embedded therein, the alternate        SIM being associated with the alternate network;    -   a SIM receiver for receiving or accommodating the default SIM        associated with the default network, the default SIM comprising        network credentials;    -   circuitry to connect the alternate and default SIMs to each        other (either physically or wirelessly) and to the rest of the        mobile station; and    -   a second communications module to extract the network        credentials from the default SIM and to transmit the credentials        to a remote gateway.

In an embodiment, the SIM receiver is integral or separate (yetconnected, with the circuitry) from the body.

In an embodiment, the SIM receiver is arranged to receive or accommodateat least one further default SIM associated with further defaultnetworks and with each further default SIM also comprising networkcredentials for the further default networks, with the secondcommunications module being arranged to extract the network credentialsfrom the further default and to transmit these credentials to the remotegateway.

In all embodiments, the network credentials include, but are not belimited to, IMSI numbers, (bearing in mind that that mobile networkoperators connect mobile telephone calls and communicate with theirmarket SIM cards using their IMSIs), K_(i) or other authenticationcredentials and serial information in respect of the second SIM.

In an embodiment, the SIM card device is located between the basebandprocessor and the SIM card for intercepting communications between thebaseband processor and the SIM card so as to authenticate the mobiledevice on the alternate communications network.

In an embodiment, the SIM card device comprises an overlay that can besecured to the SIM card, the overlay comprising:

-   -   a communications processor, in which firmware is embedded;    -   a substrate upon which the communications processor is mounted        and wires are routed; and    -   pads that allow for the communications processor to send/receive        information to/from the mobile station.

In an embodiment, the SIM card device comprises a local communicationsmanager (LCM) to receive an update message from a remote communicationsmodule (RCM) to update the communications processor's firmware.

In an embodiment, the communications processor comprises a plurality ofmemory blocks, each memory block governing an instruction or functionassociated with the overlay.

In an embodiment, each update message sent by the RCM comprises theaddress of the memory block in the communications processor to beupdated and a matching list of replacement data that is to replace theexisting data in the respective memory block.

In an embodiment, the LCM, upon receiving the update message, determinesthe address of the memory block in the communications processor to beupdated and prepares the overlay for the update. In this regard, the LCMis arranged to:

-   -   stall the baseband processor by requesting more processing time;    -   instruct the communications processor to erase the data at the        address in the memory block that is to be updated;    -   instruct the communications processor to write the replacement        data into the address of the memory block; and    -   once the replacement data has been written into the relevant        memory block, instruct the baseband processor to return to        normal operating state.

In an embodiment, if the communications processor does not allow for theerasing of a single byte, the LCM is arranged to first back up the extradata that is erased. At the time of writing the replacement data, if anentire block of memory had to be erased, the LCM at this point instructsthe communications processor to write the backed-up remaining bytes.

In an embodiment, the RCM comprises a SMS/USSD gateway or system capableof relaying the update message to the LCM via either the mobile device'sbaseband processor or the SIM card.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described, by way of example only, with referenceto the accompanying drawings in which:

FIG. 1 shows a high level block diagram of the components in a mobiledevice used to connect the mobile device to a communications network, inaccordance with a conventional, well known technique;

FIG. 2 shows a high level block diagram of the components in a mobiledevice used to connect the mobile device to a communications network, inaccordance with a first embodiment of the present invention;

FIG. 3 shows a method of authenticating a mobile station on acommunications network, in accordance with a further embodiment of theinvention;

FIG. 4 shows a diagrammatic view of a system for authenticating a mobilestation on a communications network, in accordance with yet a furtherembodiment of the invention;

FIG. 5 shows a schematic view of a device for use within a mobilestation, in accordance with a further embodiment of the invention;

FIG. 6 shows a diagrammatic view of a system for authenticating a mobilestation on a communication network, in accordance with yet a furtherembodiment;

FIG. 7 shows a logic flow between a requesting user and a plurality ofproviding users;

FIG. 8 shows the traditional design of a smart/SIM card;

FIG. 9 shows connecting pads on a traditional smart/SIM card;

FIGS. 10 and 11 show two versions of a thin overlay with an embeddedcommunications processor, according to further embodiments of thepresent invention;

FIG. 12 shows a VPP-removal tool to modify a user's existing SIM card;

FIG. 13 shows a SIM card after the VPP has been removed;

FIG. 14 shows a combined overlay and SIM card; and

FIGS. 15 and 16 show a SIM card overlay in the form of an electronicchip on a board; and

FIG. 17 shows an arrangement for achieving POTA (Precision Over the Airupdating), according to yet a further embodiment.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 2 is substantially similar to FIG. 1 (with similar components beingnumbered similarly), save for a SIM card device 6 located between thebaseband 2 and the SIM card 3, to intercept communications between thesetwo components. Thus, and with reference to the authentication processalready described above with reference to FIG. 1, after the applicationlayer 4 requests a connection from the baseband processor 2, the SIMcard device 6 will communicate with a (in this case, external) SIM bank7, which in turn has SIM card profiles (including Ki, IMSI andauthentication algorithm information) for a plurality of communicationsnetworks 5.1. In this version, the SIM bank 7 will determine the optimumSIM card profile for the user, to ultimately enable the user to make ofuse relatively lower local call rates, as compared to roaming rates, andto receive forwarded calls. The use of the SIM card device 6 andassociated external SIM bank 7 will be described in more detail furtherbelow with reference to FIGS. 3 and 4.

In broad terms, the forwarding of calls may be done in one of threeways, as follows:

USSD String

This corresponds to a conventional way of forwarding calls, in which aUSSD string is submitted to forward the call to a local number at a VOIPserver. The user thus pays for this call transfer to the VOIP i.e. forthe first leg of the call. Thereafter, as part of the second leg of thecall, the call is carried over VOIP to the local number being used bythe user.

Virtualising User's Home SIM Card

As will be described in more detail further below with reference toFIGS. 5 and 6, the user’ home/default SIM card may be virtualized andput onto a gateway, with the call then being carried over VOIP to thelocal number used by the user. Advantageously, in this scenario, thereis only one leg in the call forwarding process, which the user does notneed to pay for in any event.

Use of the VLR (or Virtual VLR)

Traditionally, each SIM has one IMSI that is tied to an HLR. When a usertravels (i.e. roams) with his/her mobile station, the mobile stationconnects with a foreign HLR, and thus puts the mobile station into aVLR. With the present invention, a user may have multiple IMSIs on theSIM, and thus the SIM may be tied to multiple HLRs. Thus, when a userroams, it is not necessary for the mobile station to go to a foreignHLR's VLR. Instead, the foreign HLR may become the mobile station's new“home” HLR by changing its identity. The VLR may then, in use, receivecalls and SMSs and forward them to the active SIM (i.e. the selected SIMon the new/alternate network). The advantage of this is that the mobilestation is no longer deemed to be roaming.

In broad terms, therefore, the solution of the present inventionprovides a virtual SIM technology that is able to pass credentials inreal time to authenticate a device either remotely (with reference toFIGS. 3 and 4) or locally on the device (with reference to FIGS. 5 to16). In particular, the virtual SIM technology of the present inventionmonitors and intercepts the communication between the baseband processorand the SIM card, and seamlessly switches the mobile device to anotherSIM card or SIM card profile (namely, Ki, IMSI and the relatedauthentication algorithm information), and, in some cases, forwardsreceived calls to the new SIM card or SIM card profile. The basis of thetechnology is to enable users to access and automatically switch tocheaper rates when using network services.

As will be discussed in more detail further on in the specification,this may be achieved either with or without network cooperation. Withnetwork cooperation, the network/s provide (or at least readily makeaccessible) all the required information for accessing their network/s,which confidential information may then be stored on hardware/server(with reference to FIGS. 3 and 4) or on an overlay/sim card device (withreference to FIGS. 5 to 16). Thus, in this case, the technology of thepresent invention is applied to the user's home/default SIM card andvirtualizes the home SIM and intelligently produces the identity of theappropriate new SIM card.

Without network cooperation, in both cases, the authentication happensin real time and the technology virtualizes the SIM card to authenticateto a network and presents itself to the mobile station and the networkas one SIM card. Thus, in this case, a SIM card is transferred from onedevice to another without network co-operation.

With reference to FIG. 3, a method of authenticating a mobile station,in accordance with a first aspect of the invention, is generallyindicated by reference numeral 10. The method typically relates to amobile station, typically a GSM compatible mobile phone, which isinitially associated with a default (or home) communications network. Asdescribed above, the mobile station comprises a baseband processor tomanage the antenna-related functions of the mobile station and a SIMcard device to accommodate a default (or home) SIM associated with thedefault communications network for receiving network credentials fromthe baseband processor.

The method 10 comprises, at block 12, continuously monitoring thenetwork credentials in respect of the network that the mobile station isactively in communication with. At block 14, the method 10 comprisesdetermining whether the mobile station needs to switch to an alternatenetwork, and identifying or receiving from a user the alternate network.

At block 16, the user of the mobile station or an application on themobile station or a remote server will select an alternate GSM network.At block 18, a SIM bank comprising at least one alternate SIM card isconsulted to obtain a new device identification variable in the form ofan International Mobile Subscriber Identity (IMSI) number (the requestedIMSI being compatible with the cellular network which covers the presentlocation of the mobile station).

In particular, the SIM bank is queried at block 20 for the new IMSInumber as well as additional information. At block 22, the new IMSInumber is relayed over a data connection to the SIM card device withinthe mobile device.

At block 24, a network authentication request is received at the mobilestation. More particularly, a network authentication request in the formof a challenge is issued by the network to the mobile station, in theexample form of a random number (RAND), as shown in block 26. Asdescribed above, the operator network then generates an authenticationvector 1 (AV1) based on a predefined K_(i). At block 28, the randomnumber (RAND) is transmitted back to the external SIM bank over anunspecified data connection. At block 30, the RAND number is run againstan integer stored in the SIM bank with respect to the alternate SIM (thevariable Ki) to generate an authentication vector 2 (AV2), whichincludes a decryption key (the variable Kc). At block 32, AV2 istransmitted back to the SIM card device and back to the communicationsnetwork.

The mobile station is then authorized on the new network, at block 34.More particularly, the authentication variable AV2, which has beenreceived on the network, is compared to authentication vector AV1belonging to the network to determine whether there is a match, at block36. If there is a match, the mobile station is granted access to the newnetwork at block 38 and the process ends. The received Kc variable willbe used to encrypt all further communications between the mobile stationand the new, alternate network.

With reference to FIG. 4, a system in accordance with an embodiment ofthe present invention is generally indicated by reference numeral 50.The system 50 consists of a mobile station 52 in the form of a mobilephone (in the example form of a Global System for Mobile Communications(GSM) compliant mobile handset), an external SIM bank 54 and a pluralityof communication links (in the example form of GSM links) 56, 58, 60 toa plurality of associated alternate cellular networks 62, 64 and 66.

In turn, the external SIM bank 54 comprises a memory bank 68 including aplurality of unallocated device identification variables (in the exampleform of a plurality of International Mobile Subscriber Identity (IMSI)numbers).

Further to the above, the mobile station 52 comprises a baseband 68 tomanage the antenna-related functions of the mobile station 52.Typically, the baseband 68 is a device (either a chip or part of a chip)in a network interface that manages all functions that require anantenna, which may or may not include Wi-Fi and/or Bluetooth). Thebaseband 68 is in communication with a SIM card device 70 that in turncomprises a pseudo-SIM card 72 that can be fitted to a conventional SIMcard receiver within the mobile station, a SIM receiver 74 toaccommodate the default (home) SIM, an optional first communicationsmodule 76 and associated antenna 78 to enable the SIM card device 70 tocommunicate directly with the SIM bank 54 (if necessary), and aprocessor 80 to monitor the network credentials and determine whetherthe mobile station needs to switch to the alternate/optimum network (asdescribed above with reference to FIG. 3). A software application 82 isprovided to execute programmed instructions for operating the mobilestation 52.

Conventionally, as shown in FIG. 1, the baseband 68 would communicatedirectly with the mobile device's SIM card. However, with the presentinvention, the SIM card device 70 acts as a middleman between thedefault/home SIM card and the baseband, thus enabling it to interceptand monitor all data (network credentials in particular) being exchangedbetween the baseband 68 and the default SIM card (fitted within the SIMreceiver 74).

The invention has so far described an external SIM bank on a SIM server(for example). However, in an alternate embodiment, the SIM bank may beintegrated into the mobile station itself, as will now be described withreference to FIG. 5. A device 100 for use within a mobile station (MS),typically a cellular/mobile telephone, is shown. The device 100comprises a body or casing 102 having an alternate/optimum SIM 104embedded therein. Although SIM has been defined above as being anintegrated circuit, typically embedded into a SIM card, the alternateSIM may comprise circuitry or software that emulates the functionalityof a SIM (such as a software-SIM), with the credentials of a real SIMthen being burnt onto the circuitry or software.

The device 100 further comprises a SIM receiver 106 for receiving oraccommodating a default/home SIM 108 (i.e. the user's SIM) associatedwith a default (or home) network. The default SIM 108 comprises networkcredentials comprising, but not limited to, the IMSI number (bearing inmind that that mobile network operators connect mobile phone calls andcommunicate with their market SIM cards using their IMSIs), Ki or otherauthentication credentials and serial information in respect of thedefault SIM 108. The extraction of Ki may advantageously allow for therunning of the authentication process directly on the device 100 itself,as opposed to sending it to a server (such as the SIM bank server) forgeneration.

In an embodiment, the SIM receiver 106 is arranged to receive oraccommodate at least one further default SIM associated with furtherdefault (or incumbent) networks and with each further SIM alsocomprising network credentials for these further networks. In such acase, the SIM receiver 106 takes the form of a multi-slot SIM holder.

The device 100 further comprises circuitry to connect the alternate anddefault SIMs to each other, typically by means of a processing component110, and to the rest of the mobile station, which may be done eitherphysically (as indicated by wires 112 in FIG. 3) or wirelessly. Theprocessing component 110 may comprise a microcontroller, FPGA, orsimilar and is used to control communications between the various itemsin the device.

The device 100 further comprises a second communications module 114,typically a transceiver module, to extract the network credentials fromthe default SIM 108 and to transmit the credentials to a remote gateway116. The remote gateway 116 will be explained and described in moredetail below with reference to FIG. 4. The second communications module114 also allows for communication with the mobile network operator, andallows for communication over IP. The module need not be a singlesystem, and instead could be comprised of two separate modules connectedby wired or wireless means.

In the event of the SIM receiver 106 accommodating at least one furtherSIM, the second communications module 114 is arranged to extract thenetwork credentials from the further SIMs and to transmit thesecredentials to the remote gateway 116.

In an embodiment, the body 102 comprises a substrate, such as a printedcircuit board (PCB) covered by an overlay. Again, the body 102 need notbe a single body or casing, but it could be segregated into multiplecases connected by wired or wireless means. However the case isdesigned, it will have embedded into it a means by which it cancommunicate with the users mobile device. This could be throughBluetooth, USB or any other wired/wireless means of communication.

In an embodiment, the alternate SIM 104 is associated with anew/alternate network wishing to move a consumer, who is a subscriber ofthe default, incumbent network, away from the incumbent network. Thealternate SIM 104 may also be associated with an MVNO, which will bedescribed in more detail further on in the specification.

In an embodiment, the SIM receiver 106 is integral with (as shown inFIG. 3), or separate (yet connected, with the circuitry) from, the body102.

Turning now to FIG. 6, a system 150 for operating the device 100 shownin FIG. 5, is shown. The system 150 comprises a gateway 116 (asdescribed with reference to and as shown in FIG. 5) that is remote fromthe device 100. The gateway 116 comprises a third communications module152 for communicating with the second communications module 114 of thedevice 100.

The gateway 116 further comprises a processor 154, which is connected orconnectable to the third communications module 152, which is arranged toreceive the network credentials from the default SIM 108 as extracted bythe second communications module 114. Any one of a number ofcommunications protocols may be used to facilitate this communication,such as USSD, the internet or a similar wireless medium.

The gateway 116 further comprises a remote registration server thatincludes information such as:

-   -   1) The users' current IP address    -   2) Whether they are willing to share their SIM card.    -   3) Details regarding their plan (provider, available minutes        etc).    -   4) Any restrictions on when their SIM card is available for use.

The purpose of the registration server is not only to facilitatecommunication between users but also to prevent SIM card access withoutpermission. Users will be able to form “groups” and only those who arepart of the group will be able to gain access to another's SIM card.

The processor 154 is further arranged to log onto the default network156 to receive incoming calls to the user's default number, with theprocessor 154 then being further arranged to forward the calls to thetelephone number associated with the alternate SIM 140 in the body 102.This would be done at a low cost to the new network, since the incumbentnetwork would need to handle, in any event, incoming calls to the userat no charge.

The processor 154 at the gateway 116 can further detect when a networkorientated message (including but now limited to, an SMS message or aUSSD message) has arrived on the user's default number associated withthe default SIM 108. In such a case, the processor 154 will read thenetwork orientated message, store the message in a database 158, andthen send the message to the user's new number at a designated “messagesending” time.

A similar process happens in reverse when the user places an outgoingcall using his mobile station, thereby ensuring that outgoing callsalways take place on the new network, so as to take advantage of therelatively local call rates associated with the new network.

It is envisaged that the SIM card devices 70, 100 may be encapsulatedwithin a case, which in turn may be fitted to the mobile device.

In use, and with particular reference to FIG. 7, the device 100 willbegin in an “offlne mode”. While in this mode, the user will connect tothe mobile network based on the identification credentials of thedefault SIM in the SIM holder slot 106. When it is determined that theuser needs to swap to another SIM (“the requesting user”), the softwareapplication contacts the registration server of the remote gateway todetermine what SIM cards are available (“the verification procedure”).In order to accomplish this, the registration server sends acommunication over IP (or any other means of wireless/wiredcommunication) with all users recorded in its server (“the providinguser”). During this communication it checks whether:

-   -   (1) the registered SIM is active;    -   (2) the providing user's SIM is still enabled for sharing.

The requesting user will then receive a list of all providing userswhose SIM cards are available. In the event that the user does not haveaccess to a data connection, the transceiver module 114 in FIG. 5 couldbe used to facilitate the communication.

Upon the verification procedure being completed, the mobile device willenter into a “Swap mode” when the user selects which SIM card they wishto connect to. In this mode, the methodology will conduct the followingsteps:

-   -   1. The software application will contact the registration server        to obtain the authentication credentials of the providing user's        SIM (IMSI, ICCID etc).    -   2. Once the credentials are received, the receiving user's        module will utilize its alternate SIM emulation hardware in        place of the default SIM inserted in its SIM-holder slot it        should be noted that this step is not necessary, and the module        could be designed to allow the user to simply use their inserted        SIM card.    -   3. The receiving user will log onto the providing user's SIM        following the procedure.

Thus, and now with reference to FIG. 5, when the user is in a locationwhere the MNC/MCC is that of the provider of the default SIM 108 and itis determined by the mobile station that the user is not roaming, thedevice 100 remains in an “inactive mode”. In the inactive mode thedefault SIM 108 remains connected to the default/home mobile network.

MNC/MCC refers to the mobile network code and mobile country code. Thesetwo numbers form a unique number for every single operator in the world.For instance, MTN South Africa is 655010, comprising an MCC number of655 (South Africa) and MNC number of 010 (MTN). Cell C South Africa, onthe other hand, is 655007. The combination of the MNC/MCC and roaming isimportant. It is possible, for example, to have an MNC/MCC that differsfrom that of SIM 104, but in which the mobile station is not roaming,due to, for instance, agreements or in the US, for example, where goingfrom state to state does not amount to roaming. At the same time, it maybe possible to have the same MNC/MCC, but be roaming. This occurs, forexample, in Canada where just leaving Toronto amounts to roaming. Thisembodiment of the present invention is primarily aimed at switchingpeople when they are in roaming territory.

When the device 100 detects that either: (1) the user MNC/MCC haschanged and that they are roaming; or (2) the user's MNC/MCC has notchanged but the user is nonetheless roaming, the device 100 enters into“active mode”. In scenario 1), one way of detecting an MNC/MCC change isby examining the location update information (LOCI) that is sent by thebaseband processor (although the baseband processor is not shown in FIG.3, the device 100 would similarly be positioned between the basebandprocessor and the default SIM (as with the layout in FIG. 2). TheMNC/MCC of the user may readily be extracted from LOCI updates, as longas the baseband processor is able to connect to some network. In orderto detect if a mobile station is roaming, the easiest way ofaccomplishing this is through querying the baseband processor of thephone for its status.

When in the “active mode” the device 100 first ensures that the defaultSIM 108's credentials have been transferred to the gateway 116. If theyhave not, device 100 utilizes the second communications module 114 to dothis (as described above). Once the default SIM 108's credentials havebeen transferred to gateway 116, the default SIM 108 is disconnectedfrom the mobile network. One way of achieving this is for the processingcomponent 110 (FIG. 5) to inhibit any communication from reaching theSIM 108. This may, in turn, be achieved by providing a multiplexer(internal or external), wherein when the multiplexer is set to 1 alldata to the baseband goes to SIM 108, and when it is set to 0 all datato the baseband goes to SIM 104.

Upon SIM 108 being disconnected, processing component 110 connects thealternate SIM 104 to the mobile station's telecommunications circuitry.In other words, the processor 110 has blocked SIM 108 from talking tothe baseband processor, and now all communications are done with SIM104.

Processing component 116 (FIG. 5) then issues a command to the mobilestation's telecommunications circuitry causing the mobile station toreinitialize itself with the credentials of alternate SIM 104, using aso-called “rebootless reset” in which the mobile station restarts itsbaseband processor without the user physically having to power cycle themobile station. Alternatively, the same result can be achieved by theuser physically restarting their mobile station.

Although not shown, the system 150 may comprise a VOIP server thatsimply forwards the received calls and SMSs to the user's local SIM.

For clarification, the SIM swap mechanism described above with referenceto FIG. 7 shows one of two possible ways. In particular, this figureshows a variety of users (i.e. individuals) who may set up their owndevices to allow for loaning of their cards. For example, John is in theEuropean Office and does not need his Canadian SIM, while Joanne iscoming from the Asian Office and needs a Canadian SIM for her duration.In this situation, the user would likely have a dual-SIM phone deviceand/or this device would allow for multiple SIM slots. When a user“rents” a SIM 1 without renting out their own SIM 2 (i.e. they take butdo not give), they are placed on SIM 1's network and all theircalls/SMSs from SIM 2 are sent to them.

If, however, they rent a SIM 1 and rent out their SIM 2, the forwardingis no longer possible as someone else is using their credentials at thetime. Thus, in an alternate variation of the SIM swap mechanism, it ispossible that instead of users, an infrastructure is setup with mobilestations and SIM cards (similar to SIM Bank 7 in FIG. 2, in which, forexample, there is a room filed with servers that are connected to amobile network). In this case, the infrastructure emulates many userswith many SIM cards that can be rented. Thus, using the above scenario,Joanne coming from the Asian Office would rent out a Canadian SIM notfrom John but from the infrastructure setup. In this case, the“providing user” is not a real person but a machine. This can expandedupon in which, for example, a requesting user requests from a machinewho then requests from another machine who can then request from a realuser.

Turning now to FIG. 8, the traditional design of a smart/SIM card 200consists of a layer of plastic 202 with a processor (that helps definethe SIM) embedded inside. Access to the processor is only possible byutilizing a series of metal pads 204 (“the pads”, “external pads” or“communication pads”) that are located on the outside of the plastic202. These pads 204 allow external devices to provide the smart card 200with power, a clock, and an access point for bidirectionalcommunication. The metallic pads 204 on the SIM card 200 are pressedagainst similar pads found on the target device. Such a design islimiting as it inhibits the ability of other devices to simultaneouslycommunicate with the SIM. Unless complicated and bulky wiring mechanismsare used, the SIM card 200 must be physically moved in order to be usedwith multiple devices.

In an embodiment of the present invention, a wireless communicationmodule (“the WCM”) is provided on the SIM card 200 so as to define a“Wireless SIM” that can communicate with multiple external/attacheddevices over wireless mediums. It should be noted, that the “WirelessSIM” will not prevent or hinder the ability of the SIM card 200 toutilize a wired medium for communicating with external devices. Itshould also be further noted that while the term “Wireless SIM” is used,this does not restrict the technology to SIM/smart cards used withinmobile devices. As the smart card technology is a generic protocol, thetechnology can be used in conjunction with smart cards embedded inbank/credit cards, washing machines and other such devices.

The Wireless SIM can exist in one of two forms. In its first form (“theattachment form”), the Wireless SIM is an “external module” that latchesonto an existing SIM card, such as card 200 in FIG. 8, thuscorresponding to an overlay SIM card of the type discussed in moredetail further below. The external module contains all componentsrequired for data processing and communicating with external devices. Inorder to communicate with the SIM, the external module directly connectsitself to the SIM card's pads. It should be noted that it is notnecessary for the external module to be directly placed onto the smartcard itself. In one form, the external module could be connected to thesmart card through a flexible PCB.

In the second form of the invention, the Wireless SIM is directlyembedded onto the SIM card itself. In this form, the components requiredfor processing data, communicating with external devices, and SIM-cardrelated functionalitles are contained within one system (“single systemform”). It should be noted, that in the single system form it is notnecessary for an actual smart card processor to be present. It ispossible for all SIM-related functionalities to be simulated by thecomponents responsible for data processing (i.e. a “virtual” SIM).Similarly, it is also not necessary for a data processing component tobe present. Instead, all data-processing functionalities could beembedded on the smart card processor.

In one embodiment of the Wireless SIM, an embedded bluetooth radio isused to communicate over the wireless medium whereas the Virtual SIMresides on a separate computer. The Wireless SIM in this embodimentwould serve as a “pipe” between the mobile phone and computer. Allcommunication coming from the mobile phone's baseband would be capturedby the wireless SIM and then retransmitted to the computer overbluetooth. The computer running the Virtual SIM would then determine theappropriate response and relay this information back to the Wireless SIM(which in turn would transmit it back to the baseband).

Regardless of what form the Wireless SIM takes, it may contain one ormore of the following components:

-   -   1. Wireless Communication Module (“WCM”): a device capable of        communicating with other devices over a wireless medium. The        type of wireless medium is not restricted to any protocol in        particular. Instead it could be (but is not limited to)        Bluetooth, WIFI, GSM/3G/4G and any others that currently exist        or may be created in the future.    -   2. Smart Card Processor (“SMP”): a processor (or similar device        such as a microcontroller) that is used to facilitate normal        smart card functionalitles. These include, but are not limited        to, data storage (authentication vectors, contacts etc.),        authentication to a network, and basic communication (such as        reading and writing). If the SMP is merged with the data        processing module, it is not necessary for this to be a separate        component.    -   3. Data Processing Module (“DPM”): a processor, microcontroller        or similar devices used for managing data communication between        the SMP and the WCM. The DPM functionalitles include, but are        not limited to, parsing and replying to requests from the WCM        and transferring data to the SMP.    -   4. Wiring System: As the wireless SIM can exist in an attachment        form, the wiring system is a means by which the external module        can be connected to the SIM card itself. It should be noted that        this is not limited to simple to wires connecting the external        module to the SIM card's pads. It could also consist of a system        whereby the pads of the external module are pressed against the        SIM card's pads.

In use, the Wireless SIM will operate autonomously and create an accesspoint (“AP”) that external devices can access it from. This access pointwill depend on the technology used, but could be anything from a WIFIhotspot to a TCP socket. Any communication that comes through the APwill be processed by the DPM and forwarded to the SMP. At the same time,any responses from the SMP will be processed by the DPM and forwarded tothe device via the AP. It should be noted that there is no limit placedon how many devices can connect to the Wireless SIM at any given time.The limit, if any, will be dictated by the wireless communicationprotocol used.

Thus, in one version of the invention, the SIM card device/module, andin particular, the WCM, may be used purely for data transfer from thedefault/home network to the new/alternate network. This is all doneusing the virtual SIM concept described above, with, again, the aimbeing to provide the user with the best available data rates in anautomated and seamless manner. In this version, however, there would beno mobile station as such, but would rather take the form of a simplehardware encapsulating the SIM card device/module, such as a USB or aMiFi module.

In an embodiment the MiFi/USB module consists of a processor, awireless/wired communications module, telecommunications modems (2G, 3G,LTE etc) and a SIM Bank server. The processor contains an embeddedvirtual SIM that interfaces with the telecommunications modem. Thecredentials of this virtual SIM are obtained from SIM cards stored in aSIM Bank Server through the wireless/wired communications module.

Turning now to FIGS. 9 to 14, a SIM card overlay in the form of a PCBdevice will now be described. In particular, this aspect of theinvention relates to an overlay or ‘sticker’ that attaches to a SIMcard, the device being designed, in particular, to allow for thecreation of an overlay that is capable of being used with any sized SIMcard or within any SIM card holder. The terms USIM card and smart cardmay also be used when referring to ‘SIM card’. This part of theinvention relates to an overlay that attaches to a SIM card, to providean overlay that is capable of being used with any sized smart card orwithin any smart card holder. In order to be able to interceptcommunication between a SIM card and a mobile station, it is necessaryfor some hardware to be placed between the mobile station and the SIMcard. In an embodiment, this takes the form of an overlay thatcomprises:

-   -   1) A microcontroller, microprocessor or similar used for        processing communications (henceforth referred to as the        “communications processor”).    -   2) A PCB (flexible or otherwise) upon which the communications        processor is mounted and wires are routed.    -   3) Pads that allow for the communications processor to        send/receive information to/from the mobile station or smart        card.

In designing such a system, it is critical that the overlay whenattached to the SIM card does not exceed the maximum height of themobile station's smart card holder. The smart card holder consists of ametallic “cage” into which the SIM card is placed and generallyrestricts the height of whatever is inserted to 0.9-1 mm. Furthermore,with manufactures pushing for the adoption of “nano”-sized SIM cards,the length and width of the smart card holders are becoming increasinglysmaller so as to comply with the ever decreasing size of the SIM card.

The aim of this aspect of the present invention is to provide an overlaythat is capable of being used with any sized smart card (“the seamlessoverlay”). The device will conform to any size restrictions imposed bythe smart card holder without the need of any external wires. As alreadydescribed above with reference to FIG. 8, a SIM card usually consists of3 components:

-   -   1) A plastic enclosure (unless it is a nano-SIM).    -   2) A processor in the form of an IC.    -   3) Pads/Pins to facilitate communication, with the layout of the        pads and how they are connected to the processor being of        particular importance.

As shown in FIG. 9, the SIM card 220 can have upwards to 8 pins/pads 222and the processor is usually placed in such a fashion so as to minimizethe length of wire (or trace) needed to reach the pads. Of all the pads222 that are available, however, VPP (pad C6) is never connected in thefinal SIM card 220 that is distributed to customers. VPP is used forprogramming the processor chip, and this is done only once in thefactory prior to connecting the processor to the pads. The pad remainsthere to allow for non-mobile stations that utilize smart cardtechnology to connect and utilize the pin should they find it necessary.It should be noted that while FIG. 9 shows C6 being placed in themiddle-right position, it is possible that future revisions of the SIMchange the location of this pad.

In developing a seamless overlay, the invention takes advantage of thefact that C6 is not used in mobile station and is generally leftunconnected. This aspect of the invention thus comprises two components:

-   -   1) A thin overlay with an embedded communications processor,        with two possible versions being shown in FIGS. 10 and 11.    -   2) A tool capable of accurately removing C6 (“the VPP removal        tool”), which will be described with reference to FIG. 11.

Referring to FIG. 10, a device 250 for use as an overlay that attachesto a SIM card, such as card 220 in FIG. 9, within a mobile station (MS),typically a cellular/mobile telephone, is shown. The device 250comprises a body 252 having six SIM-communication pads 254 and acommunications processor 256 embedded therein. The six SIM-communicationpads 254 are used to allow for the communications processor 256 to beable to send/receive information to/from the attached SIM card 220.Ideally, and turning back to FIG. 10, the communications processor 256should have a length of no greater than the distance between the upperedge of C7 and the lower edge of C5 and a width less than or equal tothe distance from the left edge of C6 to the right most edge of the SIMcard itself.

Furthermore, the communications processor 256 should be placed such thatwhen the device 250 is pressed again the communication pads of theuser's SIM 220, communications processor 256 presses against contact C6.Pads 254 and processor 256 are mounted on a thin PCB 258 that may be inthe form of a flexible PCB or something of similar thickness. Dependingon the thickness of the PCB, it is possible that part of thecommunications processor 256 is submerged into the PCB 258 itself inorder to save on height. The thickness of thin PCB 258 should be suchthat it does not exceed the thickness of the user's SIM card 220.

The device 250 further comprises, on the back of the device 250,external communications pads 260. Pads 260 allow for the device 250 tocommunicate with any external devices (such as the mobile station).

Furthermore, as shown below in FIG. 11, it is not necessary for there tobe a plastic frame at all. How much of a plastic frame exists willdepend on the form (mini, micro or nano) of the user's SIM. The overlay250.1 in FIG. 11 is substantially the same as the overlay 250 in FIG. 10save for this difference, and thus will not be described in more detail.

Prior to the overlay 250 being attached to the smart card, a VPP-removaltool may be used to modify the user's existing SIM card. As depicted inFIG. 12, the tool 280 consists of an alignment system 282 and a holepunching mechanism 284. The alignment system 282 allows for the users toline up the punching mechanism 284 with the VPP (Contact C6) of theirSIM card. The user, an embedded processor 286, or both, adjust/s theknob 288 in order to align the hole punching mechanism with the VPPcontact.

Once the alignment system 282 has located the VPP, a hole 290, as shownin FIG. 13, is punched of a size to accommodate the communicationsprocessor 256 in device 250 (FIG. 10). It should be noted that the hole290 is not limited to simply the contact portion 292 of the SIM card220. Instead it can extend into the plastic frame 294 (should a plasticframe exist).

Once the hole 290 in FIG. 13 is created, as shown in FIG. 14, theoverlay 250 is placed onto the user's SIM 220 in a manner that thecommunications processor 256 fits through the hole 290. The placement ofthe overlay 14 should be such that the user's SIM 220 and overlay 250line up exactly. When this is accomplished, the resulting SIM cardcomposite 296 will be able to fit into a mobile station's smart cardholder regardless of size requirements.

In an alternate embodiment, it is not necessary for the VPP of the SIMcard to be punched. The passive and active components that make up theoverlay are thinned such that the total thickness of the overlay doesnot exceed the tolerance requirements of a SIM card. The components arethen assembled in such a manner so as to ensure that the total surfacearea of the overlay does not exceed that of a NANO SIM card. Thisconsequently allows for a “one size fits all” solution.

Alternatively, the overlay 250 may be incorporated into the cage or trayfor holding the default/home SIM.

Tuning now to FIGS. 15 and 16, a SIM card overlay in the form of anelectronic chip on a board will now be described. In developing aseamless overlay, this aspect of the invention takes advantage of thefact that the majority of a SIM card 300 is logically or electricallyinsignificant. As shown by the circled areas 302 in FIG. 15, only aportion of the SIM card 300 is necessary, with this portion beingreferred to further below as the ‘SIM [Card] IC’. A tool, similar totool 280 in FIG. 12, may be used to punch out the ‘SIM IC’ so as todefine a Cutout SIM 304 as depicted in FIG. 16.

Once a Cutout SIM 304 has been created, it is placed into a SIM Overlay306 that consists of a communication chip 308, routing wires 310, PCBBoard 312 and Cutout SIM Holders 314. The back of the SIM overlay 306looks identical to a normal SIM card, with connection pads capable ofcommunicating with a mobile station's connectors. As depicted in FIG.16, the number of Cutout SIM Holders 314 could be more than one, withthe maximum amount of Cutout SIM Holders 314 that can be present on theSIM Overlay 306 being restricted by the surface area of a smart card.

Communication chip 308 is used to process all communication between themobile station and the Cutout SIMs 304 present in Cutout SIM holder 314.This includes extracting authentication credentials, swapping betweenCutout SIMs and transferring information to remote servers.Communication between communication chip 308 and Cutout SIM Holders 314take place via routing wires 310. The technology for the routing wires310 is not limited to physical wires, but could also be copper tracesetched into the board.

One application of the present invention is the ability to conductmobile network connection transfers utilizing the above technology. Asis well known, and partly described above, upon registering with anetwork, users are provided with a USIM (Universal Subscriber IdentityModule) card (or a SIM card for networks using older technologies).Within this card is stored a set of identification information thatallows a user to “unlock” access to a networks towers. This informationis unique to the user and includes:

-   -   1. IMSI, ICCID, Ki and Kc, which have all been described above.    -   2. Authentication-related vectors: these vectors are found in        USIMs and are used to safeguard the user against “dummy towers”        being set up to steal their SIM's identification credentials.        The vectors allow the users USIM card to verify that the tower        it is connecting to is that of the mobile operators and not a        malicious user's.    -   3. TMSI/P-TMSI: special vectors that are used by the mobile        network to track where the user is located.

In allowing users to access their networks, mobile operators generallyutilize one of two processes, namely either “Full Authentication” or“TSMI Authentication”. The “Full Authentication” process is the standardby which a network authenticates a user to the network. Upon turning ontheir mobile station, the user's device determines which network the SIMcard belongs to and broadcasts its IMSI in an effort to gain access tothe network's mobile services. Upon reading the user's IMSI, the networkobtains the users authentication credentials from its servers andtransmits a series of “RANDs” to the SIM card. If the SIM card is ableto provide accurate responses for each RAND, the network grants the useraccess to its networks. All communication then proceeds using theencryption keys generated by the SIM during authentication. The problemwith the “Full Authentication” system is that it is relatively slow andexposes the users to the risk of “dummy towers” stealing itscredentials. This is because, until the authentication is completed,communications between the USIM and networks occur unencrypted. Thus, ifthe user were to have to re-authenticate every-time they lostconnection/restarted their mobile station, this would expose them to therisk of over-the-air SIM-card identity theft.

In order to minimize this risk, on gaining such access, the user's SIMis programmed over-the-air (OTA) with “TMSI” (voice) and “P-TMSI” (data)numbers. These numbers store information regarding the user'slocation/network connection and serve as a means by which the user canidentify themselves to the network without having to under-go a “FullAuthentication” (the “TMSI Authentication” process). The TMSI/P-TMSI aregenerally valid from the earlier of 12-48 hrs from the lastFull-Authentication or when the user enters a region deemed to be a “newlocation” by the network.

The part of the invention, in this regard, will be referred to as the“Connection Transfer System” or “CTS”. CTS intends to take advantage of“TMSI Authentication” to provide users with a means by which they canconnect to different networks despite not being physically in possessionof the SIM cards. Upon enabling the CTS system, the user would select anetwork to which they would like to connect to. The available networkswould be based on USIMs/SIMs that were stored either in a remote serveror a module connected to their mobile station (hereinafter referred toas “the remote SIM(s)”). Once selected, a communication module on aremote server (or attached to the user's mobile device) would conduct a“Full Authentication” in order to generate a valid TMSI/P-TMSI sequence.These sequences would be then passed to the user's CTS system. Thiswould enable the user to connect to the network that the remote SIM wasregistered to (without physically having to be in possession of the SIMor inserting it into their mobile device).

CTS comprises three general components:

-   -   (1) SIM Virtualization Hardware (i.e. the SIM device as        described above).    -   (2) A “SIM Storage Module” that encompasses a system that stores        remote SIMs cards and is capable of writing and reading data to        them, contains a communication device that allows it to connect        to mobile network operators (“network communication device”),        and contains a communication device that allows the module to        transfer data to the SIM Virtualization hardware by wired or        wireless means. The implementation of a SIM Storage module is        not to be limited to a server connected to a SIM Bank. It could        also take other forms, such as a case that attaches to the users        mobile station or a wireless device that the user carries with        them. Furthermore, the “SIM Storage Module” need not be a single        self-contained system, but could be comprised of separate        sub-modules connected by wireless or wired means.    -   (3) A software application that runs on the user's mobile        device, SIM card or on the SIM virtualization hardware itself.        The software application could also consist of software running        on a microcontroller embedded in the CTS system.

In use, CTS begins in an “offline” mode. When in this mode, the userwill connect to the default/home network specified by the SIM Cardinserted in their mobile device. When CTS is enabled, the softwareapplication communicates with the SIM Storage Module to determine whatnetworks are available based on the remote SIM cards stored in themodule. From this query, the user is presented a list of networks towhom they can connect to.

When a network is selected by the user, CTS enters “transfer preparationmode”. Upon entering this mode, the software application informs the SIMStorage Module to prepare the selected SIM for a connection transfer.This involves the following steps:

1. Upon being informed that “transfer preparation mode” was triggered,the SIM Storage module erases all information concerning previousauthentications on the selected SIM card. This will ensure that thenetwork is forced to generate “fresh” TMSI/P-TMSI sequences.2. The module powers on the network communication device and connectsthe selected SIM card to it.3. The network communication devices engages the mobile network operatorto begin an authentication sequence based on the identificationcredentials of the selected SIM Card.4. Once the TMSI/P-TMSI values are generated, the SIM Storage Moduleshuts down the network communication device. The shut-down procedureshould be done during the transfer preparation mode so as to prevent thepossibility of two different devices connecting to the networksimultaneously. Two devices being simultaneously connected could resultin TMSI/P-TMSI sequences being invalidated or a card being banned fromthe network.5. After the network communication device is shut-down, the SIM StorageModule reads the TMSI/P-TMSI sequences from the card and transfers themto the software application. In addition, the SIM Storage Module willtransmit the remote SIM card's identification credentials.

Upon receiving the TMSI/P-TMSI, CTS enters into “transfer mode”. Duringthis mode of operation, the connection transfer is completed through thefollowing steps:

-   -   1. The software application takes the TMSI/P-TMSI sequence and        transfers it to the SIM Virtualization Hardware. This can be        accomplished via external wire/wireless communication modules or        by utilizing the mobile device's internal communication        channels.    -   2. Once the TSMI/P-TMSI and identification credentials are        received, the SIM Virtualization Hardware enters into “listening        mode”. While in this mode, the hardware will intercept any        requests by mobile device for TMSI/P-TMSI/identification        credentials of the inserted SIM. The hardware will remain in        this mode until the user disables the CTS system.    -   3. Upon the Sim Virtualization Hardware entering “listening        mode”.

A SIM session reset will be triggered by one of two methods:

-   -   1. The user will manually restart their mobile station.    -   2. The hardware will request that the baseband perform a warm        reset via STK, CAT, or similar technologies. A warm reset will        force the baseband to reread all the data on the SIM card.

Once the SIM session reset is complete, the hardware will respond to anyrequests for TMSI/P-TMSI/identification credentials with valuestransmitted from the SIM Storage Module.

Once the process is complete, the user will be connected to the mobilenetwork operator that they selected.

In a further application of the present invention, a method of ContractLoad Balancing using the above virtual SIM technology will now bedescribed. For the purpose of this section, ‘Contract Load Balancing’will be referred to as the “CLB System”. The CLB system is comprised ofthree general components:

1. SIM virtualization hardware.2. A server that has a SIM Bank server attached to or built into it(“SIM Bank Server”). This component of the CLB system keeps record ofpersons who are registered as part of the system, a list of SIM cardsthat are present in the SIM Bank server, and information on the plansthat are tied to each SIM Card (“the cellular plan”).3. A software application that runs on the user's mobile device or theSIM card itself.

When the CLB System is enabled, the software application enters into the“monitoring” phase. Upon entering this phase, a connection with theserver is established over an existing WIFI connection or by utilizing adata connection provided by the mobile network provider (such as 3G orother). The application then obtains from the server the cellular planinformation of the SIM card that is currently in use. While in the“monitoring” phase, the application records the user's airtime/data/SMSusage (the “usage statistics”) and verifies that the user has notexceeded their cellular plan limits.

The “monitoring” phase will continue until an “excess event” has beentriggered. An “excess event” occurs when the system detects that:

-   -   1. The user has exceeded the allowable usage designated by their        cellular plan or is about to exceed their plan (as determined by        a pre-defined threshold); and    -   2. One of the following occurs:        -   a. The user is making a phone call or sending an SMS; or        -   b. Data transmissions are occurring over a non-WIFI data            connection.

If the “excess event” is triggered by the user making a phone-ca/SMS,the software system will intercept the call/SMS. Information on thecall/SMS will be saved and the system will then enter the “contractbalancing” phase. If, however, the “excess event” is triggered as aresult of data usage, the system will automatically enter the “contractbalancing” phase.

Upon entering the “contract balancing” phase, a warning will bedisplayed to inform the user that they have (or are in danger of)exceeding their cellular plan. An option will be presented to the userallowing them to either: (1) proceed under their current plan (andpossibly incur additional charges) or (2) allow the system todynamically swap them to a new plan. If the second option is selected,the software application will communicate with the SIM Bank server toprovide the user with the credentials of a different SIM. Thecommunication will occur over an existing WIFI/data connection orthrough a communication device attached to the SIM virtualizationhardware. The plan-swapping will be done through the following steps:

-   -   1) The software application will transmit the user's cellular        usage statistics to the SIM Bank Server.    -   2) Based on the usage statistics, the SIM Bank server will        examine the SIMs it has available and select one that best        suites the user's usage requirements. For instance, if the user        is almost out of data, a SIM will be found that has available        data usage on its cellular plan. If the user's usage statistics        show that they only lightly use data, a SIM will be provided        that has a smaller data plan to allow for larger data plans to        be allocated to users with greater data needs.    -   3) Upon a plan being selected, the server will communicate back        to the software system the identification credentials (IMSI,        ICCID, PLMN and any other credentials required to identify the        SIM to the network). With the SIM Bank server, the SIM will be        designated as “in use” to prevent the possibility of it being        allocated to another user.    -   4) The software system will pass the identification credentials        via a communication protocol (Bluetooth, USB or any other        wired/wireless method of communicating) to the SIM        Virtualization Hardware.    -   5) The software system will then initiate a “session reset”        process to allow for the new SIM credentials to be        authenticated. This process may be identical to that used by the        SIM Virtualization hardware to perform a SIM-swap. Furthermore,        this process may be conducted by way of a “cold reset”        (physically restarting the mobile device) or a “warm reset”        (restarting the mobile network session without turning off the        mobile station).

Upon the new SIM credentials being authenticated, the software systemwill then enter the “functionality resuming” phase. If the original“excess event” was triggered by a phone call/SMS, the system will redialthe phone number/send out the original SMS. If, however, the excessevent was triggered by data usage, the system will skip this phaseentirely.

It is important to note the solution of the present invention may bedone either with or without the cooperation of the variouscommunications networks. In the independent scenario (i.e. withoutnetwork co operation), as described above, a VOIP server is used tosimply forwards the received calls and SMSs to the user's local SIM.However, in the network dependent scenario, and with reference to FIG.10, the communications processor 256 allows a multitude of IMSI-relatedconfidential information (such as the IMSI itself, the Ki and therelated algorithm) to be stored in on the SIM card device 250 itself, soas to define a multi-IMSI SIM card device 250. It is envisaged that upto 600 IMSIs may be stored on the device 250.

MVNOs have been briefly described above, but it is important to notethat MNVOs have increased in prominence in recent years. In one versionof the invention, it is envisaged that the confidential networkcredentials of all SIM cards used by the MVNO (MNOs even) be stored onthe SIM card devices (of the present invention) described above. In sucha case, when monitoring the communications between the SIM card and thebaseband processor, as described above, the solution of the presentinvention will provide a SIM card profile to ensure the best possiblelocal rates for the user. In this arrangement, it may be said that theSIM card associated with the default/home communications networkcooperates with the SIM card device 250 of the present invention, in anyof the embodiments shown in FIGS. 4, 5, 10, 11, and 13 to 16.

In this regard, an accounts module may be provided to control and managethe billing of users using the solution of the present invention. Inparticular, it is envisaged that either there will be one account forall MVNOs/MNOs (in the form of, for example, a central wallet) ormultiple accounts (one per MVNO/MNO). Thus, when a switch to anew/alternate/optimum network takes place, as discussed above, thesolution sets up a call forward to the local country number and linkedusing VOIP to an active SIM card in that country, thereby ensuring thebest possible rates for the user.

Advantageously, required updates for the present invention may be madeover the air (OTA), in any one of a number of different ways, such asSMS, USSD etc. Typically, the network updates items such as who the useris not allowed to connect to (FPLMN), files dealing with steering theuser to preferred networks, phone number updates, emergency numberupdates and even the user's IMSI credential.

Regarding OTA updating, in a further embodiment, this invention canperform Precision Over the Air updating (POTA), which will now bedescribed with reference to FIG. 17. As described above, a mobile device410 typically comprises a baseband processor 412 to manage theantenna-related functions of the mobile device 410 and a SIM card 414,with the baseband processor 412 communicating with a network 416 via anantenna 418. A SIM card device 420, which may take the form of anoverlay, is located between the baseband processor 412 and the SIM card414. The purpose of the overlay 420, as described above, is to interceptcommunications between the baseband processor 412 and the SIM card 414,and to redirect and modify the communications so as to authenticate themobile device 410 on an alternate communications network.

As described above, the overlay 420 comprises:

-   -   1) A communications processor (or MCU) 422, in which firmware is        embedded;    -   2) A PCB (flexible or otherwise) upon which the MCU 422 is        mounted and wires are routed; and    -   3) Pads that allow for the MCU 422 to send/receive information        to/from the mobile device's SIM card 414.

As would be expected, the firmware in the MCU 422 needs to be remotelyupdated and configured.

In an embodiment, the overlay 420 further includes a localcommunications manager (LCM) 424 to receive an update message from aremote communications module (RCM) 426 and to issue an appropriatecommand to update the MCU's firmware accordingly. The LCM 424 may takethe form of either a separate chip to intercept the messages sent fromthe RCM 426 or a module 424 on the overlay's MCU 422 (as illustrated).In one particular version, the LCM 424 takes the form of a proceduralalgorithm on the MCU 422. The purpose of the LCM 424 is to read,interpret and process messages sent from the RCM 426 and then issue theappropriate commands to the MCU 422.

In an embodiment, the MCU 422 comprises a distributed data MCU (DDMCU),in which the MCU 422 comprises a plurality of permanent orpseudo-permanent memory blocks, each memory block governing aninstruction or function (or related instructions or functions)associated with the overlay 420. In other words, in utilizing thisfeature, the overlay's MCU 422 is structured so as to have its datadistributed appropriately (a DDMCU). This is achieved by segregating theinstructions that are to be loaded on into segregated blocks of memory.Each group of related instructions are grouped into one permanent memoryblock with additional buffer space allocated to allow for the expansionof the instruction blocks' size. As an example, the memory block dealingwith UART communications could be assigned to memory address 0x3000whereas the memory block dealing with SIM Toolkit Menu control may beplaced in memory address 0x4000. The exact addresses used areirrelevant.

In an embodiment, each update message sent by the RCM 426 comprises theaddress of the memory block in the MCU 422 to be updated and a matchinglist of replacement data that is to replace the existing data in therespective memory block. In order to conduct an update, the RCM 426 isloaded up with the list of memory addresses that require updating. Foreach memory address there is a matching list of replacement data,typically in the form of hexadecimal values. These values correspond tothe instructions that are to be present in the specified memorylocation. For example, in location 0x3000 the corresponding list ofhexadecimal values could be 0xFF 0xFF 0xFF 0xFF. This would mean thatthe first 4 bytes starting from 0x3000 would be replaced with the value0xFF. It should be noted that it is not necessary that the values be inhexadecimal format. Binary or similar could also be used so long as theLCM 424 is configured to interpret the format used correctly.

Once the RCM 426 is loaded with the list of memory addresses that needto be updated, update messages are sent to the overlay 420 utilizing theRCM's selected comr

protocol. In one embodiment, this could be through the use of binarySMS. In utl

SMS, the message is appropriately encoded so as to inform the mobilephone

the overlay 420 resides to pass the message to the overlay 420. Thiswould

the mobile phone 410 passing the message to the baseband processor 4

then communicates it over UART to the overlay 420.

In an embodiment, the LCM 424, upon receiving the update messag

address of the memory block in the MCU 422 to be updated. Upon themessage

the overlay 420, the LCM 424 intercepts the message and processes it.Processing w

involve determining what memory location the data is to be written toand preparing the system for an update. In preparing the overlay for theupdate, the LCM 424 is arranged to:

-   -   stall the baseband processor 412 by requesting more processing        time (since the updating process can be time intensive);    -   instruct the MCU 422 to erase the data at the address in the        memory block that is to be updated;    -   instruct the MCU 422 to write the replacement data into the        address of the memory block; and    -   once the replacement data has been written into the relevant        memory block, instruct the baseband processor 412 to return to        normal operating state.

In an embodiment, if the target MCU 422 does not allow for the erasingof a single byte (but instead only an entire block of memory), the LCM422 is arranged to first back up the extra data that is erased. Forexample, if the target MCU 422 only allows erasing of 1024 bytes at atime, if an update of 4 bytes comes in, the MCU 422 must back up the1020 bytes that are requested to be modified. At the time of writing thereplacement data, if an entire block of memory had to be erased, the LCM424 at this point instructs the MCU 422 to write the backed-up remainingbytes.

In an embodiment, the RCM 426 comprises a SMS/USSD gateway or systemcapable of relaying the update message to the LCM 424 via either themobile device's baseband processor 12 or the SIM card 414.

In an embodiment, the system allows for the updating of the entirefirmware on the overlay 420 or a single byte on the MCU 422.

1.-32. (canceled)
 33. A wireless communication module for a card, thewireless communication module comprising: a card processor to facilitateconventional functionalities associated with the card, including datastorage, network authentication and basic communication; a dataprocessing module to manage data communication to and from the cardprocessor; and a wireless transceiver module to facilitatecommunications with a least one external or attached device over awireless medium.
 34. The wireless communication module of claim 33,wherein the card is a SIM card or a smart card, including a bank and/orcredit card.
 35. The wireless communication module according to claim33, wherein the wireless communication module takes the form of anexternal module that latches onto an existing card.
 36. The wirelesscommunication module according to claim 35, wherein the external moduleis connected to pads on the card, either directly or through a flexiblePCB,
 37. The wireless communication module according to claim 33,wherein the wireless communication module is directly embedded onto thecard itself.
 38. The wireless communication module according to claim35, wherein the card processor and the data processing module arecombined into a single processing component.
 39. The wirelesscommunication module according to claim 33, wherein the wirelesstransceiver module comprises a bluetooth radio to communicate over thewireless medium with a virtual SIM residing on a separate computer. 40.The wireless communication module according to claim 39, wherein thewireless communication module acts as a communications conduit between amobile station housing the wireless communication module and the card,so that all communications from a baseband processor in the mobilestation gets captured by the wireless communication module and forwardedto the separate computer, which can then determine an appropriateresponse and relay this information back to the wireless communicationmodule.
 41. The wireless communication module according claim 33,wherein the wireless communication module can be used purely for datatransfer from a default network to an alternate network, in which casethe wireless communication module is encapsulated in a hardware module.